Renovate Bot 4a8f58be41 chore(deps): update minio/minio:latest docker digest to be3db71 2024-07-15 13:32:56 +00:00
apps chore(deps): update minio/minio:latest docker digest to be3db71 2024-07-15 13:32:56 +00:00
infra chore(deps): update ghcr.io/lordmathis/k9s-web:latest docker digest to 6db8f88 2024-07-03 09:26:42 +00:00
.gitignore Add sops and gitignore 2023-11-28 21:06:09 +00:00
.sops.yaml Add sops and gitignore 2023-11-28 21:06:09 +00:00
Makefile Add dev-container 2024-04-25 19:55:49 +00:00
README.md Update README.md 2023-12-20 22:22:24 +00:00
renovate.json Add kubernetes dependencies to renovate 2024-06-03 13:21:25 +00:00

README.md

K3s Configs

Helm configs and Kubernetes manifests for my dev cluster managed by Kustomize.

Structure

Requirements

Usage

Generate age key

mkdir -p $HOME/.config/sops/age
age-keygen -o $HOME/.config/sops/age/keys.txt

Create a .sops.yaml file in the repo root and copy the age public key into it

.sops.yaml

creation_rules:
  - unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
    age: "<age public key>"

Create secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm

Encrypt the secret using sops

sops -e secret.yaml > secret.enc.yaml

Create secret-generator.yaml

apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: gitea-secret-generator
  annotations:
    config.kubernetes.io/function: |
        exec:
          path: ksops        
files:
- ./secret.enc.yaml

Use secret generator in kustomization.yaml

generators:
  - ./secret-generator.yaml

Deploy application

kustomize build --enable-helm --enable-alpha-plugins --enable-exec . | kubectl apply -f -
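
The steps above leave the plaintext secret.yaml next to secret.enc.yaml, so a check like the following can run before a commit to catch Secret manifests that were never run through sops. It is an added example, not part of this repository: the function names and the sample files it creates are assumptions for illustration, and it only inspects file structure (it does not call sops or verify the ciphertext).

```sh
#!/bin/sh
# Added example: find Secret manifests that were never run through sops.

# 0 = Secret whose data values are all ENC[...], 1 = plaintext Secret, 2 = not a Secret.
check_secret_encrypted() {
  grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$1" || return 2
  grep -q '^sops:' "$1" || return 1   # sops appends this metadata block
  awk '
    /^(data|stringData):/ { in_data = 1; next }
    /^[^ \t]/             { in_data = 0 }   # next top-level key ends the map
    in_data && /^[ \t]+[^# \t][^:]*:/ {
      val = $0; sub(/^[^:]*:[ \t]*/, "", val)
      if (val !~ /^ENC\[/) bad = 1
    }
    END { exit bad + 0 }
  ' "$1"
}

# Print each plaintext Secret under a directory; returns 1 if any was found.
find_plaintext_secrets() {
  found=0
  files=$(find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \))
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    rc=0; check_secret_encrypted "$f" || rc=$?
    if [ "$rc" -eq 1 ]; then echo "plaintext Secret: $f"; found=1; fi
  done <<EOF
$files
EOF
  return "$found"
}

# Constructed sample input: the README's secret.yaml and a stand-in for sops output.
make_samples() {
  mkdir -p "$1"
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' '  name: mysecret' \
    'type: Opaque' 'data:' '  username: YWRtaW4=' \
    '  password: MWYyZDFlMmU2N2Rm' > "$1/secret.yaml"
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' '  name: mysecret' \
    'type: Opaque' 'data:' \
    '  username: ENC[AES256_GCM,data:CONSTRUCTED,iv:CONSTRUCTED,tag:CONSTRUCTED,type:str]' \
    '  password: ENC[AES256_GCM,data:CONSTRUCTED,iv:CONSTRUCTED,tag:CONSTRUCTED,type:str]' \
    'sops:' '  version: CONSTRUCTED' > "$1/secret.enc.yaml"
}

tmp=$(mktemp -d) && make_samples "$tmp"
find_plaintext_secrets "$tmp" || echo "refusing to continue: encrypt or remove the files above"
rm -rf "$tmp"
```

The values under data in a Kubernetes Secret are only base64-encoded, which is why the unencrypted secret.yaml is reported.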